MITRE ATT&CK Mapping

GBHackers Campaigns Amazon GitHub Intel Kubernetes NEW 3h ago

Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes

Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self...

T1195

GBHackers →

The Hacker News Supply Chain Apple Intel NEW 5h ago

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but...

T1195

The Hacker News →

SecurityWeek Supply Chain 6h ago

OpenAI Hit by TanStack Supply Chain Attack

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply...

T1195

SecurityWeek →

SecurityWeek Malware 6h ago

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai...

T1195

SecurityWeek →

GBHackers Vulnerability Disclosure 9h ago

TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials

A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensi...

T1195

GBHackers →

GBHackers Malware Oracle 11h ago

Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads

A widely used npm package with more than 822,000 weekly downloads has once again become the center of a serious supply chain attack, raising fresh concerns a...

T1195 T1598

GBHackers →

The Record Campaigns Apple 20h ago

OpenAI asks macOS users to update after TanStack npm supply chain attack

The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI pac...

T1195

The Record →

BleepingComputer Data Breach 21h ago

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the comp...

T1195

BleepingComputer →

The Hacker News Vulnerability Disclosure Palo Alto Networks 1d ago

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply ch...

T1195

The Hacker News →

GBHackers Campaigns 1d ago

TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest

A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encou...

T1195

GBHackers →

SC Media Data Breach Apple Amazon 1d ago

Axios breach shows why software supply chains need zero trust

The axios breach shows trusted identities, not code flaws, now drive supply chain attacks.

T1195

SC Media →

GBHackers Malware Amazon GitHub Kubernetes 1d ago

170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes Secrets

Hackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 m...

T1195

GBHackers →

SC Media Supply Chain 1d ago

Trusted by default: The npm attack pattern security teams miss

Developers are now the prime target in evolving npm supply chain attacks.

T1195

SC Media →

CSO Online Supply Chain 2d ago

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Packa...

T1195

CSO Online →

The Hacker News Supply Chain 3d ago

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "maj...

T1195 1 IOC

The Hacker News →

SecurityWeek Campaigns 3d ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Su...

T1195

SecurityWeek →

CSO Online Vulnerability Disclosure Intel 3d ago

Developer workstations are the new beachhead

I spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean ca...

T1195

CSO Online →

The Hacker News Campaigns Oracle 3d ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, ...

T1195

The Hacker News →

GBHackers Campaigns 3d ago

Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack

Supply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenk...

T1195

GBHackers →

HackRead Zero-Day Google GitHub 3d ago

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

T1195

HackRead →